May 20th 2024.
In today's world, proving your identity is a routine task that we all have to do regularly. But now, with Australia passing its first legislation for a national digital ID, this process is about to undergo a major transformation. The laws were passed in mid-May, following the federal budget, and are set to come into effect in November. However, the digital ID system itself is already up and running.
So, what exactly is a digital ID and how does it work? And why do we need it? Will Australia's system live up to expectations? These are the questions on everyone's minds. Here's everything you need to know.
Firstly, it's important to distinguish digital IDs from digital licenses. While the latter is simply a digital version of a physical card, a digital ID goes beyond that. It is a system that allows Australians to quickly and easily prove their identity without having to provide multiple forms of identification to different organizations. Lauren Perry, a responsible policy specialist at the UTS Human Technology Institute, explains, "I often talk about avoiding that painful process of collecting 100 points of ID – having to scan them, get them printed and get some undecided back of them and like exactly all of that physical paperwork and face to face interactions." With a digital ID, you only need to go through the verification process once and then you can use it for multiple online interactions.
The digital ID acts as a mediator between the user and the organization that needs to verify their identity. Dr. Erica Mealy, a computer science lecturer at the University of the Sunshine Coast, compares it to having a wingman at a pub. "It's like setting that up through an app on your phone. So when you go to an organization, you type in their number that they give you, which is registered with the government scheme, into an app that you have on your phone. And then it contacts that organization through the pathway that they have approved with the government and says, 'Yes, we've got Erica's app you, I can verify this is Erica'."
Currently, the government's myGovID app is the only one that can perform this task. However, with the new legislation, private providers will also be able to get involved in the future.
The main reason for creating a national digital ID is to enhance security. "The current system is plagued by identity theft, fraud, and a lack of control over personal data," says Dr. Philip Bos, a security expert and founder of privacy protection software company BlueKee. By sharing personal documents and information with a single provider, the digital ID system can mitigate the risk of identity theft from data breaches and hacks that have affected companies like Optus, Medibank, and Latitude in recent years. "Australia is designing the system with a lot of security benefits," adds Lauren Perry.
In addition to the personal benefits of not having to replace physical documents after a hack, the digital ID system can also benefit small and medium-sized businesses. Dr. Mealy explains, "From a cybersecurity perspective, it reduces what we call the 'attack surface', that being the risk of our information getting out because the more organizations that have it, the more accessible it can be... So we're trying to protect those other organizations from attack as well."
However, the Senate committee that reviewed the digital ID legislation did raise some concerns. Most of these concerns have been addressed in the final version of the legislation, except for one. As Lauren Perry explains, "There were definitely concerns that we had and we appeared before the committee hearings and provided submissions around things like voluntariness, inclusion and accessibility redress mechanisms, and a lot of that has actually been taken on by the government and included as amendments, which is fantastic. I think the one thing that isn't quite up to scratch that we were hoping for is the law enforcement and police access to information." While police will require a warrant to access information stored as part of a digital ID, the restrictions could be tighter, according to Perry.
One potential vulnerability of the digital ID system is a cyber attack on the myGovID app. Dr. Mealy explains, "It's susceptible to what we would call an 'adversary in the middle' or a 'man in the middle' attack. That means if someone can get between the app and the government servers, then that can cause problems. But this type of system is generally vulnerable to that kind of attack." Despite this, Lauren Perry believes that the legislation is a step in the right direction and includes good redress mechanisms and data destruction policies.
Finally, the big question – will the national digital ID be compulsory in Australia? The answer is no. While some concerns were raised about the voluntariness of the system, the final legislation states that the digital ID will be completely voluntary.
So, when will the national digital ID be introduced? The myGovID app is already operational for around 130 government services, but private companies will have to wait until the legislation comes into effect in November. The ACCC will be the Digital ID Regulator, along with the Office of the Australian Information Commissioner, who will regulate privacy within the digital ID scheme. Private companies will have access to the system within two years of the legislation coming into effect, which is expected to be by November 2026.
[This article has been trending online recently and has been generated with AI. Your feed is customized.]
[Generative AI is experimental.]
